% !TEX root =  main.tex

\subsection{SECTET}
\label{sec:SECTET}

\begin{figure}[t]
	\centering
	\includegraphics[width=\columnwidth]{./figures/SECTET}
	\caption{SECTET Y-Process}
	\label{fig:SECTET}
\end{figure}

Breu \etal have proposed \emph{SECTET} \cite{mdse-breu-jos-2007,10.1007/s10009-007-0045-y},
a framework based on a \UML profile for business and security modeling and
analysis.

\smallskip\noindent \textbf{Security Concerns.}\hspace{0.5cm} \emph{SECTET} is mainly designed to deal with
access control.

\smallskip\noindent \textbf{Modeling.}\hspace{0.5cm}  The \emph{SECTET} framework consists of a modeling
component \emph{SECTET-UML} and an Object Constraint Language (OCL) style
predicative language called \emph{SECTET-PL}. The \UML profile
(\emph{SECTET-UML}) is used to model business requirements and static security
requirements, such as roles and their hierarchies. Dynamic security requirements
are defined as \emph{Type Navigation Expressions} and \emph{Permission Predicates}
expressed in \emph{SECTET-PL}.
 
Model composition is an annotation process that integrates
\emph{SECTET-UML} models with dynamic security requirement expressions in
\emph{SECTET-PL} to form a platform independent application model
(\textsc{Pim}), on which platform independent security analysis can be
performed.

\smallskip\noindent \textbf{Transformation.}\hspace{0.5cm}  With the necessary platform information, the
platform independent application model (\textsc{Pim}) can be transformed to the XACML
meta-model (model-to-model, M2M) and later transformed into XACML policies (model-to-code, M2C).

\emph{SECTET} conforms only weakly to our Y-Model proposal: unlike
\emph{secureUML}, where the business and security source code is partially
generated, its model-to-code transformation can produce only XACML policies.

\smallskip\noindent \textbf{Analysis.}\hspace{0.5cm}  As in \emph{secureUML}, access
control verification in \emph{SECTET} may be done on the composed platform independent model by
querying the model using \textsc{Ocl} constraints. No traceability as
defined in the Y-Model exists in this methodology.

The synthesis of the \emph{SECTET} methodology as a specific \emph{Y-Process} is
shown in \fig \ref{fig:SECTET}.
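
The pipeline described under Transformation and Analysis can be illustrated with the following added example, which is not code from SECTET or from the surveyed papers: a toy platform independent model is queried for effective permissions, flattened (M2M) and serialised as an XACML 3.0 policy (M2C). The role names, the permission triples and all function names are assumptions made for illustration, and plain Python stands in for SECTET-PL and OCL.

```python
import xml.etree.ElementTree as ET

# Constructed toy PIM (assumption): senior role -> roles whose permissions it inherits.
INHERITS = {"Physician": ["Nurse"], "Nurse": ["Staff"], "Staff": []}
# Static permissions as (role, resource, action) triples, also constructed.
PERMISSIONS = [("Staff", "Schedule", "read"), ("Nurse", "MedicalRecord", "read"),
               ("Physician", "MedicalRecord", "write")]

URN = "urn:oasis:names:tc:xacml:"
NS = URN + "3.0:core:schema:wd-17"
STRING = "http://www.w3.org/2001/XMLSchema#string"
# (category, attribute id) pairs used to match role, resource and action, in that order.
DESIGNATORS = [
    (URN + "1.0:subject-category:access-subject", URN + "2.0:subject:role"),
    (URN + "3.0:attribute-category:resource", URN + "1.0:resource:resource-id"),
    (URN + "3.0:attribute-category:action", URN + "1.0:action:action-id"),
]

def inherited(role):
    """Return role plus every role it inherits from (assumes an acyclic hierarchy)."""
    return {role}.union(*(inherited(j) for j in INHERITS[role]))

def allowed_roles(resource, action):
    """Analysis query on the model: which roles may perform action on resource?"""
    return {r for r in INHERITS for (owner, res, act) in PERMISSIONS
            if owner in inherited(r) and (res, act) == (resource, action)}

def flatten():
    """M2M step: expand the hierarchy into flat (role, resource, action) rules."""
    return sorted({(r, res, act) for (_, res, act) in PERMISSIONS
                   for r in allowed_roles(res, act)})

def to_xacml(rules):
    """M2C step: serialise the flat rules as one XACML 3.0 policy string."""
    policy = ET.Element("Policy", xmlns=NS, PolicyId="toy-pim", Version="1.0",
        RuleCombiningAlgId=URN + "3.0:rule-combining-algorithm:deny-unless-permit")
    ET.SubElement(policy, "Target")  # empty target: the policy applies to every request
    for i, values in enumerate(rules):
        rule = ET.SubElement(policy, "Rule", RuleId=f"permit-{i}", Effect="Permit")
        all_of = ET.SubElement(ET.SubElement(ET.SubElement(rule, "Target"), "AnyOf"), "AllOf")
        for value, (cat, attr) in zip(values, DESIGNATORS):
            m = ET.SubElement(all_of, "Match", MatchId=URN + "1.0:function:string-equal")
            ET.SubElement(m, "AttributeValue", DataType=STRING).text = value
            ET.SubElement(m, "AttributeDesignator", Category=cat, AttributeId=attr,
                          DataType=STRING, MustBePresent="false")
    return ET.tostring(policy, encoding="unicode")
```

Because role inheritance is expanded at generation time in this sketch, the generated policy has to be regenerated whenever the role hierarchy in the model changes.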
 

